[libvirt] [PATCH 3/3] apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
be used as a common function for *ALL* fd relabelling in Linux.
In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
The last line is for the tapfd relabelling.
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
"/var/log/libvirt/**/rhel6qcow2.log" w,
"/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
"/var/run/libvirt/**/rhel6qcow2.pid" rwk,
"/run/libvirt/**/rhel6qcow2.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
"/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
"/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
"/dev/tap45" rw,
---
src/security/security_apparmor.c | 15 +++------------
1 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 1972ab0..953775c 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -840,7 +840,7 @@ AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
}
static int
-AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
+AppArmorSetFDLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
int fd)
{
@@ -871,15 +871,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
return reload_profile(mgr, def, fd_path, true);
}
-/* TODO need code here */
-static int
-AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def ATTRIBUTE_UNUSED,
- int fd ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
virSecurityDriver virAppArmorSecurityDriver = {
.privateDataLen = 0,
.name = SECURITY_APPARMOR_NAME,
@@ -915,6 +906,6 @@ virSecurityDriver virAppArmorSecurityDriver = {
.domainSetSavedStateLabel = AppArmorSetSavedStateLabel,
.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
- .domainSetSecurityImageFDLabel = AppArmorSetImageFDLabel,
- .domainSetSecurityTapFDLabel = AppArmorSetTapFDLabel,
+ .domainSetSecurityImageFDLabel = AppArmorSetFDLabel,
+ .domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
};
--
1.7.3.4